Azure Key Vault is a service that provides centralized secrets management, with full control over access policies and audit history. When an app setting or connection string is a key vault reference, your application code can use it like any other app setting or connection string.
Grant the app access to Key Vault
2 Methods or models to authorize :
Azure role-based access control: Assign the Key Vault Secrets User role to the managed identity.
Vault access policy: Assign the Get secrets permission to the managed identity.
Access Network-restricted vaults
If Key Vault is configured with network restrictions, ensure that the app has network access. To make the vault accept traffic from a virtual network, execute the PowerShell :
| Code Block | ||
|---|---|---|
| ||
Update-AzFunctionAppSetting -Name <app-name> -ResourceGroupName <group-name> -AppSetting @{vnetRouteAllEnabled = $true} |